LDAP Registry Access Approval Process

Access to central authentication and identity attribute retrieval is granted only by request. If the request is approved, the individual application is assigned a credential for accessing the LDAP Registry. That credential is created with an Access Control List (ACL) within the Registry that limits which data items the application can read, write, or query.

Access to the LDAP Registry must be requested, justified, granted, and acknowledged. See the Authentication and Registry Data Access Request and Review Process PDF for greater detail and the forms that must be submitted. In brief:

  • The application administrative and technical contacts complete a detailed request form and send it to ISA.
  • Northwestern IT assesses the security environment described in the request and obtains clarification as needed.
  • If the request involves retrieval of identity attributes, Northwestern IT forwards the request to the appropriate custodian of that data for approval to release the information to the requester. The data custodian may discuss the request directly with the requester.
  • If the request is approved by all reviewers, the administrative contact signs an agreement form acknowledging that the information being released will be used solely for the purpose described in the request. This document is countersigned by the data custodian and kept on file.
  • Northwestern IT creates the application's unique credentials and ACL to complete the request.


Details

Article ID: 1916
Created: Fri 7/29/22 11:44 AM
Modified: Sun 2/19/23 8:58 PM

Related Services / Offerings (1)

Directory services help provide people and systems with the ability to look up information about people based on various criteria from things as simple as their name to their Northwestern school affiliation, degree programs, etc. Directory Services include the Northwestern online directory, the ADS Active Directory forest, the LDAP directory, and various others.